Collaborate Disseminate
Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises, according to Rapid7. They market their services to prospective buyers, offer company insiders commissions in exchange… Continue reading Ransomware operators continue to innovate
Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud… Continue reading Rapid7 releases Command Platform, unified attack defense and response
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately … Continue reading Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default. Continue reading Patch Tuesday, June 2024 “Recall” Edition
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. … Continue reading Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.
The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek.
Continue reading JAVS Courtroom Audio-Visual Software Installer Serves Backdoor
Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected in a cust… Continue reading Compromised recording software was served from vendor’s official site, threat researchers say
Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersec… Continue reading Black Basta target orgs with new social engineering campaign
Cyber security operatives have been warned to look at the specific ransomware threats facing their country and industry, while closing down common pathways being used by skilled access brokers. Continue reading Asia-Pacific Ransomware Threats Depend on Country and Sector, Says Rapid7
Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who reg… Continue reading NIST’s NVD has encountered a problem